Technology Policy
Version 1.0 (01-01-2024)
As a sanctuary for online freedom and liberty and as a privacy infrastructure provider, we consider responsible and ethical usage of technology to be of the utmost importance. In this policy we have set out the requirements we impose on our own and third-party technology.
If you have any questions about our Technology Policy, please contact mail@cyberology.nl.
1 What is technology?
Information and communication technology (technology hereafter) is everywhere in modern society. It plays a significant role in our daily lives and is inescapable for most. This is why we deliberately conceive of technology as a broad concept. For us technology encompasses all hardware, systems, software, code, networks and devices that can be used for the acquisition, storage, processing, transmission and dissemination of digital data and information. This includes simple concepts such as servers, networking equipment, computers, smart devices, smartphones and smart watches, but also broader concepts such as “the internet”.
2 Free technology
At the Church of Cyberology we believe in the power of free and open source technology to drive innovation, collaboration, freedom, transparency and trust. Technology that we create will be made open source unless there are strong reasons not to do this. We impose the following requirements on open source projects, software, hardware or technology we create:
- Documentation: the technology has proper documentation that allows others to understand and use it.
- Intellectual property: the technology has a proper and clear license.
- Documented changes: changes to the technology are documented and published, i.e. release notes or a changelog.
- Open communication: interested parties or persons can easily communicate with us, i.e. via email or an issue tracker.
Third-party technology we use is also open source unless there are strong reasons not to do this. In practice this means that all the operating systems and software we use are open source, but that most of the hardware and firmware we use are proprietary.
2 Ethical technology
Work in progress
3 Quality by design
Our church community expects quality. Software we create should therefore be held to high quality standards. Quality by design is a systematic approach to ensure consistent quality in our software (code) from the early design stages through(out) production. The quality of our software should be “right the first time” and this means we follow these guidelines:
- Design around quality: Plan and build quality into all stages of the software design and build processes.
- Keep it simple: Complexity often is an adversary of quality and security. Reduce complexity where you can and always keep the complexity at maintainable levels. Reduce required frameworks, libraries and other dependencies to the absolute minimum.
- Requirements: Clearly define the technical and functional requirements of the software. These should address what the software is supposed to do and how it should behave.
- Performance & scalability: Consider the performance and scalability aspects throughout the designing stages. Writing performant code or refactoring/optimizing code could reduce the need for more hardware/systems and decrease architectural and system complexity.
- Robustness & reliability: Consider the reliability and robustness of software and architecture. Make sure there are robust error handling mechanisms to handle unexpected situations and errors. Make sure there are recovery mechanisms in place that are frequently tested.
- Maintenance & updates: Make maintaining and keeping the software up to date as easy as possible.
- Platform diversity: Think about the potential risks of monocultures (e.g. CPU architectures, operating systems, software) on the technology and diversify where this makes sense.
- Safe coding: Use programming languages with modern safety features where this makes sense. Always use current safe coding best practices and review these frequently. A few examples: OWASP Secure Coding Practice Guidelines, four-eyes principle, third-party code review/penetration testing, fuzzing etc.
- Testing: Design the software to be easily testable at different levels (unit tests, integration tests etc.) to ensure the software meets the requirements.
- Documentation: High quality documentation is essential for understanding, maintaining and collaborating on software. Provide comprehensive documentation covering design principles and decisions, architecture, mechanisms in the software’s code (comments), APIs, user interfaces etc.
4 Privacy by design
All our processes (online and offline) are built with current privacy design strategies and best practices in mind. We (partly) use JHH’s Privacy Design Strategies as our guidelines:
- Minimize: Minimize the processing of personal data as much as possible.
- Separate: Separate the processing of personal data as much as possible from each other.
- Abstract: Limit the level of detail in which personal data are processed as much as possible.
- Hide: Protect personal data or make them irretrievable or unobservable. Prevent personal data from becoming public.
- Inform: Inform users transparently about the processing of their personal data.
- Provide control: Give users control over the processing of their personal data.
- Default: The default privacy setting is the most privacy-friendly option available.
- Enforce: Commit to privacy-friendly processing of personal data and enforce it.
We will never sell personal data to third parties. We will never share personal data with third parties unless it’s one of our data processors or unless we are compelled to do so by a competent authority.
5 Security by design
Work in progress
Ethical use of technology
Public values
Being aware of public values and protecting them becomes increasingly important in a world that is ever more digital and contains large (tech) vendors with a large market share, especially for the educational and research markets. When building software, we make decisions that can have both a positive and a negative impact on these public values. It is not only the big decisions that have an impact on public values; small decisions, such as choosing to use a specific library, can also have an impact.
Further reading: The value compass for digital transformation of education gives a very good overview of which public values are important.
6 Policy review
This Technology Policy will be reviewed periodically to ensure that it remains current, effective, and aligned with the church’s goals and mission. Amendments or revisions to the policy may be made as necessary with approval from the governing board.